CVE-2025-42978

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java (affected versions not specified)

Description: The issue concerns a component in SAP NetWeaver Application Server Java that handles outbound TLS connections. This component does not properly verify the hostname of the remote TLS server against the wildcard hostname in the server's certificate. As a result, it may establish a connection to a potentially malicious server, leading to information disclosure. However, this issue does not affect the integrity or availability of the system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.